mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benjamin Bannier <benjamin.bann...@mesosphere.io>
Subject Re: Review Request 50271: Created an isolator for Linux capabilities.
Date Thu, 22 Sep 2016 21:48:54 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50271/
-----------------------------------------------------------

(Updated Sept. 22, 2016, 11:48 p.m.)


Review request for mesos, Jay Guo and Jie Yu.


Changes
-------

Addressed Jie's comments,

* only build capabilities isolator under Linux,
* do not yet reject tasks with empty requested capability set when no agent capability isolation
active.


Bugs: MESOS-5275
    https://issues.apache.org/jira/browse/MESOS-5275


Repository: mesos


Description
-------

This isolator evaluates agent allowed capabilities and passes net
capabilities on to `mesos-containerizer` which enforces the
capabilities.

Capability information is passed via a new field in
`ContainerLaunchInfo`.


Diffs (updated)
-----

  include/mesos/slave/containerizer.proto 20db010ea158a813034b411111ce9cddac7d8317 
  src/CMakeLists.txt 42c52b60cc850901f2eff1545cf7900f4a65ca81 
  src/Makefile.am bfdb66a6969a35660d545210c1c6951926117ef3 
  src/slave/containerizer/mesos/containerizer.cpp 144b0db501d40d4e0bba12672723616bedd76e7e

  src/slave/containerizer/mesos/isolators/linux/capabilities.hpp PRE-CREATION 
  src/slave/containerizer/mesos/isolators/linux/capabilities.cpp PRE-CREATION 
  src/slave/containerizer/mesos/launch.hpp 859990cb85e9e8c06400397256cfc512f0811800 
  src/slave/containerizer/mesos/launch.cpp 48ec3707d772ec68e34acfc5adb47e25336ae8d3 
  src/slave/flags.hpp 3952d04f6a00ac1dca1adf2bea7cc6e415620ce5 
  src/tests/containerizer/isolator_tests.cpp b4d25e57df7f0e157769c9ae4f7847657c505e78 

Diff: https://reviews.apache.org/r/50271/diff/


Testing (updated)
-------

`make check` and `sudo make check` (Debian jessie, gcc-4.9.2, w/o optimizations)
`make` (OS X, clang-4.0 w/o optimizations)


Thanks,

Benjamin Bannier


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message